It would be nice if OpenIDM supported a tree-like organization of Managed User objects (and potentially other managed object types). It could be stored as an additional attribute/column in the repo as a path.
This would allow for greater compatibility with OpenAM realms, LDAP DIT, etc.
UI REST endpoints could be modelled as /managed/<org(1)>/<org(2)>/../user/<id>. This would allow for delegated administration over subsets of the user population with access.js and separation of password/string policies in policy.json.
This would also be useful for optimizing syncs when only a subset of users would be in scope (i.e., multiple sources of user provisioning) as an alternative to sourceQuery/targetQuery.